FreeBSD

IMPLEMENTANDO O SISTEMA DE GERENCIAMENTO DE ACLS DO SQUID, VIA WEB - FREEBSD 4.11 STABLE

########################################################################################

Necessario ja estar feito:

1 - Atualizar Source do FreeBSD
2 - Atualizar Ports
3 - Apache + php (preferencialmente pelo ports)
4 - Instalado Squid (preferencialmente pelo ports)
5 - Instalado Sudo (preferencialmente pelo ports)

########################################################################################

Configurando o sudo

cd /usr/local/etc
vi sudo

(incluir no fim do arquivo as seguintes linhas:)

# Sistema de Gerenciamento do Proxy... Via Web
www     server= NOPASSWD: /usr/local/sbin/squid

(obs.: nao esquecer que o nome "server" precisa ser um nome VALIDO no /etc/hosts )

########################################################################################
PHP - alteração

Infelimznete... da forma que foi feito o codigo do sistema... precisa
ser feita uma pequena alteração no seu /usr/local/etc/php.ini

de " register_globals = Off "
para " register_globals = On "

########################################################################################

Implementando o sistema de Gerenciamento de ACLS do squid, via web

mkdir /pkg
cd /pkg
fetch http://www.bsdux.com.br/arquivos/web-acls-proxy.tar.gz
cd /usr/local/www/data
tar vxfz web-acls-proxy.tar.gz

( Criando o sistema de autenticação via APACHE)
cd admin
htpasswd -c /usr/local/etc/squid/password_proxyadmin proxyadmin
(digitar a senha e depois redigitar novamente)

( Fazendo com que o Apache aceite autenticação)
ee /usr/local/etc/apache2/httpd.conf
(procurar pela palavra ".htaccess)
(alterar a linha:)
AllowOverride None
(Para a linha:)
AllowOverride All

( Observar o squid.conf abaixo e adaptar o seu para o sistema necessario)

########################################################################################

Exemplo de um squid.conf RODANDO

http_port 3128
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 64 MB
cache_swap_low 90
cache_swap_high 95

maximum_object_size 4096 KB
minimum_object_size 1 KB

ipcache_size 1024
ipcache_low 90
ipcache_high 95

cache_dir ufs /usr/local/squid/cache 1000 16 256

reference_age 1 week

acl all src 0.0.0.0/0.0.0.0
acl rede1 src 172.25.25.0/255.255.255.0
acl rede2 src 10.3.149.0/255.255.255.0
acl rede3 src 10.1.133.0/255.255.255.0
acl rede4 src 10.208.1.0/255.255.255.0
acl rede5 src 10.3.146.0/255.255.255.0
acl rede6 src 10.3.148.0/255.255.255.0
#
# INICIO Parte I do WEB-ACLs-PROXY
acl sitebloqueado url_regex -i "/usr/local/www/data-dist/admin/arquivos/site-bloqueado"
acl siteliberado url_regex -i "/usr/local/www/data-dist/admin/arquivos/site-liberado"
acl ipl src "/usr/local/www/data-dist/admin/arquivos/ip-liberado"
acl ipb src "/usr/local/www/data-dist/admin/arquivos/ip-bloqueado"
# FIM Parte I do WEB-ACLs-PROXY
#
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INICIO Parte II do WEB-ACLs-PROXY
http_access allow ipb
http_access allow ipl
http_access allow siteliberado
http_access deny sitebloqueado
# FIM Parte I do WEB-ACLs-PROXY
#
http_access allow rede1
http_access allow rede2
http_access allow rede3
http_access allow rede4
http_access allow rede5
http_access allow rede6
http_access deny all
icp_access allow all

visible_hostname Cache Metro

cache_mgr suporte@seu_dominio.com.br
cache_effective_user nobody
cache_effective_group nogroup

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
ie_refresh on

########################################################################################
Perfeito...... agora para rodar faça o seguinte

killall httpd
killall squid
squid -z
squid
httpd

PRONTOOOO........

pode testar :)

http://ip.do.seu.servidor/admin/

########################################################################################

# README by
# Christopher Giese
# skywarrior@bsdux.com.br
# www.bsdux.com.br